PKCE Generator

Generate code_verifier and code_challenge for OAuth 2.0 PKCE flows

SHA-256 hash of the code_verifier. More secure and recommended for all clients.

Code challenge equals code verifier. Only use if S256 is not supported.

Code Verifier

Length: 0 characters. Store this securely - you'll need it for the token request.

Code Challenge

Method: S256. Include this in your authorization request.

Authorization URL Parameters

Verifier Length:

Generate code_verifier

Create a cryptographically random string (43-128 characters)

Create code_challenge

For S256: BASE64URL(SHA256(code_verifier)). For plain: code_challenge = code_verifier

Authorization Request

Include code_challenge and code_challenge_method in the authorization URL

Token Request

Include the original code_verifier when exchanging the authorization code for tokens

Server Verification

The authorization server verifies that SHA256(code_verifier) matches the original code_challenge